v3.11.0

@github-actions github-actions released this 28 Jun 18:44

What's Changed

Warning

v3.11.0 can produce oversized preload Link headers on some routes, which may
cause 502 Bad Gateway behind nginx. Upgrade to v3.11.1.

This release adds the option to show the map in a globe view, rather than a flat map.
Additionally, you can now enable a time of day layer, to show where it is currently day and night on the map, and a rain layer to show where it is currently raining.
It is also now possible to attach a flight track to a flight, meaning instead of the map showing the flight path as a uniform arc, it will show the actual path the flight took, including taxiing if the data contains it. Tracks can be uploaded as GPX, KML, FR24 CSV, or FlightAware CSV files.

This release also includes two small security hardening fixes.

AirTrail no longer exposes user password hashes in page data or user API responses. These were Argon2id hashes, not plaintext passwords, and are only useful if someone can also guess the original password. For context, this mainly matters for weak or reused passwords; a random 12-character mixed letter/number password would be far out of reach, taking roughly a billion years to brute-force at 100,000 guesses per second. Advisory: GHSA-vwj8-562r-m3qw

OAuth account linking has also been tightened. AirTrail now validates OAuth state/PKCE data and requires the local AirTrail user password before linking an OAuth login to an existing account. The account takeover scenario required a very unusual setup: an open or compromised identity provider able to claim another user’s username. Advisory: GHSA-w7fj-fm46-r3fc
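The state/PKCE validation and the password gate on linking described above, as an added example. This is not AirTrail's code: the type and function names, the 10-minute flow lifetime and the rule of matching existing accounts by username are assumptions made for illustration.

```typescript
import { createHash, randomBytes, timingSafeEqual } from "node:crypto";

// Hypothetical shapes for this sketch; not AirTrail's own types.
interface PendingFlow { state: string; codeVerifier: string; expiresAt: number }
interface LocalUser { username: string; oauthSubject?: string }
type CallbackResult = { ok: true; codeVerifier: string } | { ok: false; reason: string };

const b64url = (b: Buffer): string => b.toString("base64url");

// RFC 7636 S256: code_challenge = BASE64URL(SHA256(code_verifier)).
function pkceChallenge(verifier: string): string {
  return b64url(createHash("sha256").update(verifier, "ascii").digest());
}

// Start of login: random state and verifier, stored server-side for this browser.
function startFlow(now: number): { flow: PendingFlow; challenge: string } {
  const flow = {
    state: b64url(randomBytes(32)),
    codeVerifier: b64url(randomBytes(32)),
    expiresAt: now + 10 * 60 * 1000, // assumed lifetime
  };
  return { flow, challenge: pkceChallenge(flow.codeVerifier) };
}

function sameString(a: string, b: string): boolean {
  const x = Buffer.from(a), y = Buffer.from(b);
  return x.length === y.length && timingSafeEqual(x, y);
}

// Callback: hand back the verifier for the token request only if the flow is ours.
function checkCallback(
  flow: PendingFlow | undefined, state: string | undefined, code: string | undefined, now: number,
): CallbackResult {
  if (!flow) return { ok: false, reason: "no pending flow" };
  if (now > flow.expiresAt) return { ok: false, reason: "flow expired" };
  if (!state || !sameString(state, flow.state)) return { ok: false, reason: "state mismatch" };
  if (!code) return { ok: false, reason: "missing code" };
  return { ok: true, codeVerifier: flow.codeVerifier };
}

// After the token exchange: a username claimed by the identity provider never links
// an existing local account by itself; the caller must then verify the local password.
function decideLink(users: LocalUser[], subject: string, claimedUsername: string)
  : "login" | "require-local-password" | "create" {
  if (users.some((u) => u.oauthSubject === subject)) return "login";
  if (users.some((u) => u.username === claimedUsername)) return "require-local-password";
  return "create";
}
```
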

🚀 Features

🔒 Security

🌟 Enhancements

🐛 Bug fixes

New Contributors

Full Changelog: v3.10.0...v3.11.0